The DomainTools Real-Time Threat CDF integration enables ThreatQ users to ingest and operationalize high-value domain and hostname intelligence from DomainTools. By integrating multiple DomainTools intelligence feeds directly into the ThreatQ platform, this integration supports continuous enrichment of the Threat Library with newly observed, newly active, and high-risk domain indicators.

The integration provides the following feeds:

• DomainTools Domain Hotlist - ingests a list of active, high-risk domains with observed activity measured by DomainTools’ global passive DNS sensor network.
• DomainTools Domain Risk - delivers domain-centric risk intelligence designed to identify and assess potentially malicious or suspicious domains.
• DomainTools Newly Observed Domains - ingests domains detected for the first time, enabling early identification of emerging online infrastructure.
• DomainTools Newly Active Domains - ingests data on domains that have recently begun resolving or exhibiting signs of activity.
• DomainTools Newly Observed Hostnames - ingests data on newly detected hostnames that may indicate emerging or evolving attacker infrastructure.
• DomainTools Domain Discovery - ingests data on domains that have recently begun resolving or exhibiting signs of activity. 

The integration ingests indicators and indicator attributes into ThreatQ.